# Security Dashboard — Machine-wide

---

## Header

| Field | Value |
|-------|-------|
| **Report type** | dashboard |
| **Target** | machine-wide (5 projects) |
| **Date** | 2026-05-05 |
| **Version** | llm-security v7.4.0 |
| **Scope** | all Claude Code projects under ~/ + ~/.claude/plugins/ |
| **Frameworks** | OWASP LLM Top 10 |
| **Triggered by** | /security dashboard |

---

## Risk Dashboard

| Metric | Value |
|--------|-------|
| **Machine Grade** | C (weakest link) |
| **Projects Scanned** | 5 |
| **Total Findings** | 87 |
| **Scan Time** | 8.4s |
| **Cache** | Cached (3h old) |

| Severity | Count |
|----------|------:|
| Critical | 1 |
| High | 12 |
| Medium | 28 |
| Low | 24 |
| Info | 22 |
| **Total** | **87** |

**Verdict rationale:** Machine grade is weakest-link rule. The `from-ai-to-chitta` project (Grade D) drags machine to C. Resolving that project would lift machine to B.

---

## Project Overview

| Project | Grade | Risk | Worst Category | Findings |
|---------|-------|------:|----------------|---------:|
| from-ai-to-chitta | D | 56 | MCP Trust | 32 |
| dft-marketplace | C | 31 | Logging & Audit | 28 |
| airbnb-mcp-plugin | C | 41 | Permissions | 14 |
| ktg-plugin-marketplace | B | 22 | Skill Hygiene | 9 |
| nightly-utils | A | 4 | — | 4 |

---

## Trend (since last scan)

| Project | Trend | Δ Risk | Δ Findings |
|---------|:-----:|-------:|-----------:|
| from-ai-to-chitta | worse | +12 | +6 |
| dft-marketplace | stable | 0 | -1 |
| airbnb-mcp-plugin | stable | -2 | 0 |
| ktg-plugin-marketplace | better | -7 | -3 |
| nightly-utils | stable | 0 | 0 |

---

## Errors

No projects failed to scan in this run.

---

## Recommendations

1. **Priority:** Investigate `from-ai-to-chitta` — only Grade D project. Run `/security audit ~/repos/from-ai-to-chitta` for category-level breakdown.
2. **Quick win:** Apply audit-trail fix to `dft-marketplace` (already identified, 30 min) → likely lifts to Grade B.
3. **Maintenance:** Re-run `/security plugin-audit` on `airbnb-mcp-plugin` after maintainer responds to permission-clarification issue.

Estimated effort to Machine Grade B: 4 hours (focused on from-ai-to-chitta + dft-marketplace).

---

*Dashboard complete. 5 projects, machine grade C.*